“This defendant took advantage of his position as Equifax’s USIS Chief Information Officer and allegedly sold over $950,000 worth of stock to profit before the company announced a data breach that impacted over 145 million Americans,” Pak said in the release. “Our office takes the abuse of trust inherent in insider trading very seriously and will prosecute those who seek to profit in this manner.”

The release said Ying, 42, of Atlanta, will be arraigned this week. He was indicted Tuesday, the release said.

The breach led to the ousting of former CEO Rick Smith. The U.S. Attorney’s Office and FBI and a group of state attorneys general are investigating the breach and how it happened. The Securities and Exchange Commission also is investigating.

In a statement, Equifax Interim CEO Paulino Do Rego Barros, Jr., said “Upon learning about Mr. Ying’s August sale of Equifax shares, we launched a review of his trading activity, concluded he violated our company’s trading policies, separated him from the company and reported our findings to government authorities.”

“We are fully cooperating with the DOJ and the SEC, and will continue to do so,” the CEO’s statement said. “We take corporate governance and compliance very seriously, and will not tolerate violations of our policies.”

The breach became public in September of last year, but its origins trace back to March 2017 when the U.S. Department of Homeland Security alerted Equifax of the need to patch a vital software application used on its websites and those of many major companies.

Smith, the former chairman and CEO, told Congress in October the alert was sent the next day via email to the Equifax personnel who oversee security of the application, known as Apache Struts. It’s Equifax’s policy that such security updates be made within 48 hours.

But in this case, it wasn’t.

That vulnerability allowed hackers to access some of the most valuable and sensitive personal information on the planet.

A week after Equifax first received the Apache Struts alert from DHS, a scan that “should have identified any systems that were vulnerable” didn’t, leaving the vulnerability in place, Smith told Congress in October. Equifax didn’t notice suspicious activity within its systems until July 29.

Equifax has said hackers gained access to the company’s systems from May 13 to July 30 of last year.

In the release, Ying alleged texted a colleague on Aug. 25 about the breach saying “Sounds bad. We may be the one breached.”

Days later, Pak’s office said Ying searched on the web about Experian’s 2015 data breach and its effect on the credit bureau’s stock price. The same day, prosecutors say Ying exercised his stock options for more than 6,800 shares, which he allegedly sold for proceeds of more than $950,000, and a profit of more than $480,000.